Generating an incident dossier

ABSTRACT

Methods, devices, and systems for generating an incident dossier are described herein. One device includes a memory, and a processor configured to execute executable instructions stored in the memory to import data associated with an incident associated with a site, wherein the data is in a number of different forms, receive a number of user inputs associated with the incident, and generate an incident dossier based on the data associated with the incident and the number of user inputs, wherein the incident dossier includes a timeline of the incident, a report of the incident, and a damage assessment of the incident.

This is a continuation of co-pending U.S. patent application Ser. No.14/847,715, filed Sep. 8, 2015, which is incorporated herein byreference.

TECHNICAL FIELD

The present disclosure relates to methods, devices, and systems forgenerating an incident dossier.

BACKGROUND

Incidents such as burglaries, fires, and/or slip-and-falls can occur ator within buildings at any time. It can be important, for incidentreconstruction purposes, to quickly ascertain what, where, and when theincident occurred, as well as what response to the incident wasundertaken. For example, if a fire occurred on an upper floor of abuilding, it can be crucial to understand where and when the fireoccurred, as well as why it occurred. This information can be vital inunderstanding how to prevent future incidents, how to improve onresponses to such incidents if they occur again, and any liabilityissues that may arise if any injuries occurred as a result of theincident.

However, current systems for incident reconstruction suffer from variousdrawbacks. For example, current systems do not provide a way to quicklygain a complete view of incidents. Further, quick damage assessment canbe difficult because of a lack of understanding of the detailssurrounding the incident. Additionally, repairs that may need to be madeto the building as a result of the incident may be delayed.

Additionally, current systems for incident reconstruction may not beable to combine data from various building systems. For example,evidence of an incident included in a building video management system,alarm management system, fire management systems, and/or other buildingmanagement systems may need to be manually searched for data relating tothe incident. A manual search can be can be a time consuming and/orexpensive process.

Further, multiple personnel may be involved in response to an incident.It can be difficult to collect and/or log each person's actions inresponse to an incident.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustration of a display on a user interface showing anincident dossier interface, generated in accordance with one or moreembodiments of the present disclosure.

FIG. 2 is an illustration of a display on a user interface showing anincident dossier timeline, generated in accordance with one or moreembodiments of the present disclosure.

FIG. 3 is an illustration of a display on a user interface showing aworkflow review, generated in accordance with one or more embodiments ofthe present disclosure.

FIG. 4 is an illustration of a display on a user interface showing anincident dossier search, in accordance with one or more embodiments ofthe present disclosure.

FIG. 5 is a system for generating an incident dossier, in accordancewith one or more embodiments of the present disclosure.

DETAILED DESCRIPTION

Methods, devices, and systems for generating an incident dossier aredescribed herein. For example, one or more embodiments include a memory,and a processor configured to execute executable instructions stored inthe memory to import data associated with an incident associated with asite, wherein the data is in a number of different forms, receive anumber of user inputs associated with the incident, and generate anincident dossier based on the data associated with the incident and thenumber of user inputs, wherein the incident dossier includes a timelineof the incident, a report of the incident, and a damage assessment ofthe incident.

Generating an incident dossier, in accordance with the presentdisclosure, can allow a user to quickly gain a complete view of anincident that has occurred by automatically aggregating data associatedwith the incident from various systems. Automatic aggregation of datafrom various building systems can greatly reduce the amount of timerequired in reconstructing an incident. This information can be crucialin responding quickly to an incident for damage assessment of a buildingand/or liability issues relating to the incident. Additionally, thisinformation can allow personnel associated with incident response toreview response procedures to enable more efficient responses to futureincidents, and/or apply fixes to ensure a similar incident does notoccur in the future.

In the following detailed description, reference is made to theaccompanying drawings that form a part hereof. The drawings show by wayof illustration how one or more embodiments of the disclosure may bepracticed.

These embodiments are described in sufficient detail to enable those ofordinary skill in the art to practice one or more embodiments of thisdisclosure. It is to be understood that other embodiments may beutilized and that process, electrical, and/or structural changes may bemade without departing from the scope of the present disclosure.

As will be appreciated, elements shown in the various embodiments hereincan be added, exchanged, combined, and/or eliminated so as to provide anumber of additional embodiments of the present disclosure. Theproportion and the relative scale of the elements provided in thefigures are intended to illustrate the embodiments of the presentdisclosure, and should not be taken in a limiting sense.

The figures herein follow a numbering convention in which the firstdigit or digits correspond to the drawing figure number and theremaining digits identify an element or component in the drawing.

As used herein, “a” or “a number of” something can refer to one or moresuch things. For example, “a number of alarms” can refer to one or morealarms.

FIG. 1 is an illustration of a display on a user interface (e.g., userinterface 536, as described in connection with FIG. 5) showing anincident dossier 100, generated in accordance with one or moreembodiments of the present disclosure. As shown in FIG. 1, the incidentdossier 100 can include data 102-1, 102-2, 102-3, 102-4, 102-5, and102-6 associated with an incident.

Incident dossier 100 can be generated by a computing device (e.g.,computing device 530 as described in connection with FIG. 5) byimporting data (e.g., data 102-1, 102-2, 102-3, 102-4, 102-5, and 102-6,as shown in FIG. 1) associated with an incident associated with a site,receiving a number of user inputs associated with the incident,generating a timeline (e.g., timeline 204 described in connection withFIG. 2) of the incident, determining a critical section on the timelineof the incident as will be further described herein (e.g., in connectionwith FIG. 2), and generating incident dossier 100 based on the dataassociated with the incident and the number of user inputs. The data caninclude a number of different forms of data, as will be furtherdescribed herein.

As used herein, an incident can refer to one or more events that occurat a site that may be associated with various forms of data. Forexample, an incident can be a burglary, and a number of door breakagescan be events associated with the burglary. As another example, anincident can be a fire that has occurred, and a number of alarms can beevents associated with the fire.

As used herein, a site can refer to a location where an incident hasoccurred. For example, a fire can occur in a server room of a building.The incident can be the fire that has occurred, whereas the site of theincident can be the server room of the building.

After an incident has occurred, data can be automatically associatedwith the incident. For example, after a burglary has occurred, datarelated to the burglary can be automatically associated with theburglary.

As shown in FIG. 1, incident dossier 100 can include multiple forms ofdata associated with an incident. That is, incident dossier 100 can begenerated based on multiple forms of data associated with the incident.For example, incident dossier 100 can include alarm data 102-1, socialmedia data 102-2, video data 102-3, audio data 102-4, cardholder data102-5, and incident detail data 102-6.

Alarm data 102-1 can include alarms associated with an event that occursin a building. For example, alarm data 102-1 can include informationrelating to the type of alarm, such as a fire alarm that has beenactivated, an alarm indicating an emergency exit door has been opened,an alarm indicating a building access point such as a window or door hasbeen broken, and/or any other type of alarm included as part of an alarmsystem of a building. Additionally, alarm data 102-1 can include otherinformation such as the location of the alarm, the severity level of thealarm, or any other type of alarm information that may be relevant toincident dossier 100.

Alarm data 102-1 can be imported from a building alarm managementsystem. For example, a building alarm management system can include oneor more sensors. Importing alarm data 102-1 can include importing sensordata relating to an incident.

Although importing alarm data 102-1 is described as being imported froma building management system, embodiments of the present disclosure arenot so limited. For example, alarm data 102-1 can be imported from anyother type of source. Additionally, although alarm data 102-1 isdescribed as including sensor data, embodiments of the presentdisclosure are not so limited. For example, alarm data 102-1 can includedata from any other type of alarm.

Social media data 102-2 can include social media content uploaded byvisitors to a building that might relate to an incident. Social mediacontent from social media platforms (e.g., Facebook, Twitter, Instagram,and/or any other social media platform) can be searched for contentuploaded by users that were in proximity to or within the building at atime an incident occurred that might be related to the incident. Forexample, a Facebook user may have taken and uploaded a picture that hascaptured details relating to an incident; the picture the Facebook userhas uploaded can be included in incident dossier 100. As anotherexample, a Twitter user's Tweets about an incident that has occurred maybe included in incident dossier 100.

Although social media data 102-2 is described as including social mediacontent from Facebook, Twitter, and/or Instagram users, embodiments ofthe present disclosure are not so limited. For example, any other socialmedia content from any other social media platform that may be relevantto an incident can be included in incident dossier 100.

Video data 102-3 can include recorded video footage relating to anincident. For example, a building may have a number of security camerasthat may have captured footage relating to an incident. The securitycamera footage of the incident can be included in video data 102-3 aspart of incident dossier 100.

Video data 102-3 can be imported from a building video management systemthat can include security cameras recording video footage. For example,importing video footage can include importing video footage recorded bysecurity cameras in proximity to an incident. Importing video footagecan further include trimming the length of the video footage so as showan incident and/or events relevant to (e.g., events leading up to,and/or events caused by) the incident.

Although importing video data 102-3 is described as being imported froma building management system, embodiments of the present disclosure arenot so limited. For example, video data 102-3 can be imported from anyother type of source. Additionally, although video data 102-3 isdescribed as including security camera footage, embodiments of thepresent disclosure are not so limited. For example, video data 102-3 caninclude any other type of video data that may be relevant to anincident.

Audio data 102-4 can include recorded audio data relating to anincident. For example, audio data 102-4 can include recorded audio ofphone calls of cardholders associated with the incident (e.g.,cardholder data 102-5, as will be further described herein). As anotherexample, audio data 102-4 can include recorded radio communications ofcardholders associated with the incident.

Audio data 102-4 can be imported from a building management system thatcan include recordings of phone calls and/or radio communications ofcardholders associated with an incident. For example, importingrecordings of phone calls and/or radio communications can includetrimming the length of the recordings so as to detail an incident and/orevents relevant to (e.g., events leading up to, and/or events caused by)the incident.

Although importing audio data 102-4 is described being imported from abuilding management system, embodiments of the present disclosure arenot so limited. For example, audio data 102-4 can be imported from anyother type of source. Additionally, although audio data 102-4 isdescribed as including phone calls of and radio communications ofcardholders, embodiments of the present disclosure are not so limited.For example, audio data 102-4 can include any other type of audio datathat may be relevant to an incident.

Cardholder data 102-5 can include persons relating to an incident. Forexample, cardholder data 102-5 can include first responders who may beresponding to an incident. As another example, cardholder data 102-5 caninclude investigators and/or law enforcement personnel involved with anincident investigation. However, embodiments of the present disclosureare not so limited. For example, cardholder data 102-5 can include anyperson involved with the incident.

Cardholder data 102-5 can also include identifying information for eachcardholder. For example, a cardholder can be associated with identifyinginformation such as the cardholder's name, date of birth, physicalcharacteristics of the cardholder, employer, work and/or home address,and/or any other information that may be relevant as identifyinginformation for a cardholder.

Cardholder data 102-5 can further include a record of response times andactions taken in response to the incident by one or more cardholdersassociated with the incident. For example, the actions taken by acardholder in response to an incident can be logged.

Additionally, the time taken by a cardholder to respond to the incidentand/or the time taken to complete each action can be logged. Forexample, global positioning system (GPS) locations of cardholders can beused to determine response times and/or completion times of actions inresponse to an incident.

In some embodiments, an incident may have a predetermined course ofsteps to be taken by a cardholder in response to the incident. Theidentity of the cardholder responding to the incident can be logged, aswell as the steps taken by the cardholder and/or the time taken tocomplete each step.

Cardholder data 102-5 can be imported from a building management systemthat can include occupancy information. For example, importing occupancyinformation can include importing data associated with visitors,employees, and/or any other person occupying the building. Importingoccupancy information can include importing occupancy data of personswithin the building at the time an incident occurred.

Although importing cardholder data 102-5 is described as being importedfrom a building management system, embodiments of the present disclosureare not so limited. For example, cardholder data 102-5 can be importedfrom any other type of source.

Incident detail data 102-6 can include a timeline of the incident (e.g.,timeline 204 as described in connection with FIG. 2), a report of theincident, and/or a damage assessment of the incident. For example, areport of the incident can include information such as what type ofincident has occurred, when the incident occurred, as well as actionstaken in response to the incident.

Incident detail data 102-6 can include a damage assessment of theincident. For example, after a fire, portions of a building may be inneed of repair or destroyed. The damage assessment of the incident candocument items that have been damaged as a result of the incident andthat may need to be repaired or replaced.

Although data associated with an incident included in incident dossier100 is described in connection to FIG. 1 as including alarm data 102-1,social media data 102-2, video data 102-3, audio data 102-4, cardholderdata 102-5, and incident detail data 102-6, embodiments of the presentdisclosure are not so limited. For example, data included in incidentdossier 100 can be any other data that may be relevant to an incident,and may be in any other form.

Incident dossier 100 can also be generated using one or more user inputsassociated with the incident. As used herein, a user input associatedwith an incident can include a time range describing when an incidentoccurred, a selection of a video feed related to an incident, aselection of a radio communication related to an incident, and/or one ormore cardholders associated with an incident. However, embodiments ofthe present disclosure are not so limited. For example, a user input canbe any other input associated with an incident.

The user input associated with an incident can be received from a user.As used herein, a user can be a person associated with incidentinvestigation. For example, a user can be a person associated with amunicipal, state, or federal agency (e.g., police, fire, and/or otherinvestigatory group). As another example, a user can be an operator of abuilding management system.

In some embodiments, incident dossier 100 can be a custom incidentdossier based on a custom data selection received from a user. Thecustom incident dossier can be generated by the user manuallyassociating data with an incident for use in incident dossier 100 bypreferentially selecting data that the user believes might be relevantto the incident. For example, the computing device (e.g., computingdevice 530, as described in connection with FIG. 5) can suggestappropriate data for the user to associate with the incident. In anotherexample, the user can select data for use in incident dossier 100without help from the computing device.

Incident dossier 100 can be generated based on data associated withmultiple incidents. For example, a first incident (e.g., a water pipebursting) may lead to a second incident (e.g., a person slipping andfalling). Incident dossier 100 can be generated based on data associatedwith the first and the second incident. As another example, incidentdossier 100 can be generated based on data associated with more than twoincidents.

Incident dossier 100 can be adjusted based on an additional user input.For example, an alarm included in alarm data 102-1 may not be relevantto the incident. A user can remove the irrelevant alarm from incidentdossier 100 so it is not considered in the report of the incident and/orthe damage assessment of the incident. As another example, a user canadd data associated with (e.g., relevant to) an incident to incidentdossier 100 that was not originally included at the time incidentdossier 100 was generated.

In some embodiments, incident dossier 100 can be adjusted based on aprivilege level of the user. For instance, a user can adjust (e.g., adddata, remove data, etc.) incident dossier 100 only if the user possessesa privilege level granting the user the ability to do so. For example, auser attempting to remove data from incident dossier 100 without theproper privilege level will not be allowed to do so.

A computing device (e.g., computing device 530 as described inconnection with FIG. 5), can generate a number of invoices based on thedamage assessment of the incident. For example, if an incident resultsin damage to the building, the computing device can further utilize thedamage assessment of the incident to generate a number of invoices thatcan detail the cost of repairing the damage caused by the incident.

In some embodiments, incident dossier 100 can be displayed sequentially.For example, incident dossier 100 can display the data associated withthe incident in a chronological order. Displaying the data associatedwith the incident in chronological order can assist a user to betterunderstand the sequence of events that may have led to an incidentoccurring. For example, a user may find an incident relating to aninjurious slip and fall easier to understand by observing events leadingup to the incident. As an additional example, a user may betterunderstand any incidents occurring after the injurious slip and fallthat may be a result of the injurious slip and fall.

In some embodiments, incident dossier 100 can be displayednon-sequentially. For example, incident dossier 100 can display the dataassociated with an incident in a non-chronological order. Displaying thedata associated with an incident in a non-chronological order can help auser to better understand an incident that resulted from a large and/orcomplex number of events. For example, a user may find an incident thathas occurred easier to understand by observing events surrounding theincident in a non-sequential manner to separate events not causallyrelated to the incident from events that may have caused the incident.

FIG. 2 is an illustration of a display on a user interface (e.g., userinterface 536, as described in connection with FIG. 5) showing anincident dossier timeline 204, generated in accordance with one or moreembodiments of the present disclosure. As shown in FIG. 2, the incidentdossier timeline 204 can include critical section indicators (e.g.,minor incident indicator 206 and major incident indicator 208, as willbe further described herein) and synchronous playback 210.

Generating an incident dossier (e.g., incident dossier 100 as describedin connection with FIG. 1) can include generating, by a computing device(e.g., computing device 530 as described in connection with FIG. 5), atimeline 204 of the incident. For instance, timeline 204 may be includedin incident detail data 102-6 of incident dossier 100. A timeline, asused herein, is a display of a list of events and/or incidents inchronological order. For example, as shown in FIG. 2, timeline 204 candisplay a time range of between 9:00 AM and 12:00 PM. Timeline 204 canfurther display all the events and/or incidents that occurred betweenthe time range of 9:00 AM and 12:00 PM, in chronological order.

The time range of timeline 204 can vary based on a user input (e.g., oneor more user inputs as described in connection with FIG. 1). Forexample, a user can select a time range of between 8:00 AM and 5:00 PM.As another example, a user can select a time range of between 9:00 AMand 10:00 AM.

Although the time range of timeline 204 is described as being specifiedon the hour (e.g., 9:00 AM, 10:00 AM, etc.), embodiments of the presentdisclosure are not so limited. For example, the time range of timeline204 can be specified to a selected minute and/or second (e.g., 9:01 AMto 2:35 PM, 9:01:30 AM to 11:32:45 AM, etc.).

Generating an incident dossier (e.g., incident dossier 100 as describedin connection with FIG. 1) can include determining, by a computingdevice, a critical section on the timeline 204 of the incident.Determining a critical section can include analyzing, based on thenumber of user inputs, a number of events that comprise an incident forinstances when a number of events exceeds a threshold number of events.For example, if an incident (e.g., a fire) includes five separate events(e.g., fire alarms, smoke alarms, etc.), and the threshold number ofevents is three, the incident is determined to be a critical section ontimeline 204.

In some embodiments, a threshold number of events can be user specified.For example, a user can manually specify a number of threshold events(e.g., five) to determine a critical section. The user can specify aglobal threshold (e.g., a threshold applying to all types of incidents),and/or specify a threshold specific to the type of incident (e.g., afirst threshold applying to incidents relating to fire, a secondthreshold applying to incidents relating to burglary, a third thresholdto incidents relating to injuries, etc.).

In some embodiments, a threshold number of events can be automaticallyspecified by a computing device (e.g., computing device 530 as describedin connection with FIG. 5). For example, the computing device canautomatically specify a threshold number of events (e.g., five) todetermine a critical section. The computing device can specify a globalthreshold (e.g., a threshold applying to all types of incidents), and/orspecify a threshold specific to the type of incident (e.g., a firstthreshold applying to incidents relating to fire, a second thresholdapplying to incidents relating to burglary, a third threshold toincidents relating to injuries, etc.).

As shown in FIG. 2, the timeline 204 can include one or more criticalsection indicators (e.g., minor incident indicator 206 and majorincident indicator 208) that can provide a user with data associatedwith a critical section. A user can interact with a critical sectionindicator by clicking on the indicator. For example, as shown in FIG. 2,clicking minor incident indicator 206 can reveal to the user the eventsassociated with the incident (e.g., two alarms and video data from twocameras). Further, clicking on an individual event associated with theincident (e.g., video data from one of the two cameras) can allow theuser to view information about that event.

Determining a critical section on timeline 204 can include indicatingmajor incidents on the timeline. For example, major incident indicator208 can indicate a major incident. A major incident can include anincident with a number of events that exceeds a threshold number ofevents (e.g., a critical section) and also reaches a severe threat levelby exceeding a further threshold number of events. For example, a majorincident can include ten events, exceeding a threshold number of events(e.g., three) so as to be a critical section, and exceeding a furtherthreshold number of events (e.g., seven), so as to obtain a severethreat level and be indicated as a major incident.

In some embodiments, a major incident can be determined by the type ofincident. For example, an incident relating to a fire can be indicatedas a major incident. As an additional example, an incident relating to aterrorist attack can be indicated as a major incident.

Determining a critical section on timeline 204 can include indicatingminor incidents on the timeline. For example, minor incident indicator206 can indicate a minor incident. A minor incident can include anincident with a number of events that exceeds a threshold number ofevents (e.g., a critical section) but does not reach a severe threatlevel by exceeding a further threshold number of events. For example, aminor incident can include five events, exceeding a threshold number ofevents (e.g., three) so as to be a critical section, but not exceeding afurther threshold number of events (e.g., seven), so as to be indicatedas a minor incident with a non-severe threat level.

In some embodiments, a minor incident can be determined by the type ofincident. For example, an incident relating to a slip and fall injurycan be indicated as a minor incident. As an additional example, anincident relating to a burglary can be indicated as a minor incident.

Once a critical section has been determined on timeline 204, a user canbe notified that the critical section has been determined. For example,a user can be notified of a critical section via a prompt, audio cue, orany other notification to obtain the user's attention.

Although not shown in FIG. 2 for clarity and so as not to obscureembodiments of the present disclosure, timeline 204 can include a damageassessment of an incident (e.g., as described in connection with FIG.1). For example, a critical section on timeline 204 relating to anincident (e.g., a fire) can include the damage assessment associatedwith the incident.

In some embodiments, timeline 204 can include a number of invoicesassociated with an incident (e.g., as described in connection with FIG.1). For example, a critical section on timeline 204 relating to anincident (e.g., a fire) can include a number of invoices generated basedon a damage assessment of the incident.

As shown in FIG. 2, the timeline 204 can include a synchronous playback210 of the incident. For example, a user can view a synchronous playbackof events as they occurred through synchronous playback 210. Synchronousplayback 210 can include data associated with an incident (e.g., alarmdata 102-1, social media data 102-2, video data 102-3, audio data 102-4,cardholder data 102-5, and incident detail data 102-6, as described inconnection with FIG. 1), or any other data associated with an incident.

Synchronous playback 210 can occur at a speed specified by a user. Forexample, the user can specify the speed (e.g., 0.5×, 1×, 2×, etc.) atwhich synchronous playback 210 occurs. Further, the user can stop,rewind, or skip ahead and/or behind the current playback position ofsynchronous playback 210.

FIG. 3 is an illustration of a display on a user interface (e.g., userinterface 536, as described in connection with FIG. 5) showing aworkflow review 312, generated in accordance with one or moreembodiments of the present disclosure. As shown in FIG. 3, the workflowreview 312 can include cardholder response 314 and review tools 316.

As shown in FIG. 3, workflow review 312 can display a record of responsetimes and actions in response to the incident taken by the one or morecardholders associated with the incident. For instance, cardholderresponse 314 can illustrate the steps taken by a cardholder in responseto an incident. For example, in response to a fire, a cardholder canhave a predetermined course of steps to take in response to the fire.Cardholder response 314 can illustrate the individual steps thecardholder took in response to the fire, as well as the time taken ateach step.

As shown in FIG. 3, workflow review 312 can include review tools 316.For example, review tools 316 can include tools to review additionalcardholder responses to an incident, locations and/or routes taken bycardholders in response to an incident, communications of cardholders inresponse to an incident, and/or other review tools.

FIG. 4 is an illustration of a display on a user interface (e.g., userinterface 536, as described in connection with FIG. 5) showing anincident dossier search 418, in accordance with one or more embodimentsof the present disclosure. As shown in FIG. 4, the incident dossiersearch 418 can include a date and time search 420, location filter 422,search tools 424, and casebook generator 426.

A user can utilize date and time search 420 to search for a previouslycreated incident dossier by inputting a date and time search query intodate and time search 420. For example a user, in response to a burglary,can search for an incident dossier previously created in response to aprevious break in by specifying a date and time in date and time search420 that the user believes the burglary occurred. As another example,the user can search for an incident dossier by specifying a date andtime range for date and time search 420.

As an additional example, a user can specify a facility name in locationfilter 422. Additionally, the user can specify sub-locations within afacility via location filter 422. For example, a user can search forincidents occurring in a specific location (e.g., a storage room locatedin a large manufacturing plant) by specifying that location via locationfilter 422. Specifying a location can narrow search results in a systemwith multiple locations and/or many incidents.

Search tools 424 can be used to further specify search results. Forexample, a user can search for previously created incident dossiers bysearching known previous incidents that have occurred, video data (e.g.,security camera footage), cardholders, audio data (e.g., radiocommunications), alarms, social media data, or any other type of dataassociated with an incident.

Although not shown in FIG. 4 for clarity and so as not to obscureembodiments of the present disclosure, a user can search for apreviously created incident dossier based on an event timeline. An eventtimeline can include a number of incidents associated with a site, whereeach incident includes a number of events. The number of eventscomprising each respective incident can indicate a severity level ofthat respective incident.

The severity level of each respective incident can be indicated on anevent timeline (e.g., minor incident indicator 206 and major incidentindicator 208, as described in connection with FIG. 2). The more severeincidents can be indicated on the timeline by using a larger indicator.A user can utilize the size of the indicators on the timeline to searchfor a particular incident.

Generating an incident dossier (e.g., incident dossier 100 as describedin connection with FIG. 1) can include generating and exporting, by acomputing device (e.g., computing device 530 as described in connectionwith FIG. 5), a casebook of the incident by using casebook generator426. A casebook of the incident can include the incident dossierdetailing what incident occurred, when the incident occurred, how theincident was responded to, and a number of invoices (e.g., invoicesgenerated based on the damage assessment of the incident, as describedin connection with FIG. 1), detailing any resulting damages from theincident.

Generating an incident dossier can include generating and exporting acasebook including a previously generated incident dossier. For example,an incident dossier found using date and time search 420 can be exportedas a casebook using casebook generator 426. A casebook of a previouslygenerated incident dossier can include details describing what incidentoccurred, when the incident occurred, how the incident was responded to,and a number of invoices detailing any resulting damages from theprevious incident.

FIG. 5 is a system 528 for generating an incident dossier, in accordancewith one or more embodiments of the present disclosure. As shown in FIG.5, system 528 can include a computing device 530. Computing device 530can include a memory 534 and a processor 532 configured generate anincident dossier in accordance with the present disclosure.

The memory 534 can be any type of storage medium that can be accessed bythe processor 532 to perform various examples of the present disclosure.For example, the memory 534 can be a non-transitory computer readablemedium having computer readable instructions (e.g., computer programinstructions) stored thereon that are executable by the processor 532 togenerate an incident dossier in accordance with the present disclosure.Further, processor 532 can execute the executable instructions stored inmemory 534 to generate an incident dossier in accordance with thepresent disclosure.

The memory 534 can be volatile or nonvolatile memory. The memory 534 canalso be removable (e.g., portable) memory, or non-removable (e.g.,internal) memory. For example, the memory 534 can be random accessmemory (RAM) (e.g., dynamic random access memory (DRAM) and/or phasechange random access memory (PCRAM)), read-only memory (ROM) (e.g.,electrically erasable programmable read-only memory (EEPROM) and/orcompact-disc read-only memory (CD-ROM)), flash memory, a laser disc, adigital versatile disc (DVD) or other optical storage, and/or a magneticmedium such as magnetic cassettes, tapes, or disks, among other types ofmemory.

Further, although memory 534 is illustrated as being located withincomputing device 530, embodiments of the present disclosure are not solimited. For example, memory 534 can also be located internal to anothercomputing resource (e.g., enabling computer readable instructions to bedownloaded over the Internet or another wired or wireless connection).

As shown in FIG. 5, computing device 530 includes a user interface 536.A user (e.g., operator) of computing device 530 can interact withcomputing device 530 via user interface 536. For example, user interface536 can provide (e.g., display and/or present) information to the userof computing device 530, and/or receive information from (e.g., inputby) the user of computing device 530. For instance, in some embodiments,user interface 536 can be a graphical user interface (GUI) that caninclude a display (e.g., a screen) that can provide and/or receiveinformation to and/or from the user of computing device 530. The displaycan be, for instance, a touch-screen (e.g., the GUI can includetouch-screen capabilities). Alternatively, a display can include atelevision, computer monitor, mobile device screen, or other type ofdisplay device connected to computing device 530 and configured toreceive a video signal output from the computing device 530.

As an additional example, user interface 536 can include a keyboardand/or mouse the user can use to input information into computing device530. Embodiments of the present disclosure, however, are not limited toa particular type(s) of user interface.

As shown in FIG. 5, computing device 530 can import incident data 538and receive a number of user inputs via user interface 536. Computingdevice 530 can further generate an incident dossier, including atimeline of an incident, a critical section indicated on the timeline, areport of the incident, and a damage assessment of the incident, todisplay to a user via user interface 536. Further, computing device 530can export casebook 540 including the incident dossier and a number ofinvoices based on the damage assessment of the incident for use by theuser of computing device 530 and/or another user.

Although specific embodiments have been illustrated and describedherein, those of ordinary skill in the art will appreciate that anyarrangement calculated to achieve the same techniques can be substitutedfor the specific embodiments shown. This disclosure is intended to coverany and all adaptations or variations of various embodiments of thedisclosure.

It is to be understood that the above description has been made in anillustrative fashion, and not a restrictive one. Combination of theabove embodiments, and other embodiments not specifically describedherein will be apparent to those of skill in the art upon reviewing theabove description.

The scope of the various embodiments of the disclosure includes anyother applications in which the above structures and methods are used.Therefore, the scope of various embodiments of the disclosure should bedetermined with reference to the appended claims, along with the fullrange of equivalents to which such claims are entitled.

In the foregoing Detailed Description, various features are groupedtogether in example embodiments illustrated in the figures for thepurpose of streamlining the disclosure. This method of disclosure is notto be interpreted as reflecting an intention that the embodiments of thedisclosure require more features than are expressly recited in eachclaim.

Rather, as the following claims reflect, inventive subject matter liesin less than all features of a single disclosed embodiment. Thus, thefollowing claims are hereby incorporated into the Detailed Description,with each claim standing on its own as a separate embodiment.

What is claimed:
 1. A computing device for generating an incidentdossier of one or more incidents occurring in a building, comprising: amemory for storing executable instructions; a processor operativelycoupled to the memory, the processor configured to execute theexecutable instructions stored in the memory to: access data associatedwith one or more incidents; generate an incident dossier based on thedata associated with the one or more incidents, wherein the incidentdossier includes: a timeline; one or more incident indicators eachcorresponding to a corresponding one of the one or more incidents,wherein at least one of the incident indicators: is temporally alignedalong the timeline; visually indicates a severity level of thecorresponding incident; and is selectable to display additional dataassociated with the corresponding incident, wherein the additional dataincludes data related to one or more events that are associated with thecorresponding incident; and a user interface including a displayconfigured to display the incident dossier; and in response to aselection of a corresponding incident indicator in the displayedincident dossier, displaying at least some of the additional dataassociated with the corresponding incident.
 2. The computing device ofclaim 1, wherein at least some of the data associated with one or moreof the incidents is provided by a building management system of thebuilding.
 3. The computing device of claim 2, wherein at least one ofthe one or more incident indicators is associated with two or moreevents.
 4. The computing device of claim 3, wherein at least one of thetwo or more events corresponds to an alarm issued by the buildingmanagement system.
 5. The computing device of claim 3, wherein when anincident indicator that is associated with two or more events isselected by a user, each of the two or more events are revealed andconcurrently displayed to the user.
 6. The computing device of claim 1,wherein at least one of the incident indicators is displayed larger onthe display to visually indicate a higher severity level and isdisplayed smaller on the display to visually indicate a lower severitylevel.
 7. The computing device of claim 1, wherein the additional datarelated to one or more of the one or more events includes a video clipthat captured at least part of a corresponding event.
 8. The computingdevice of claim 1, wherein the timeline includes one or more usercontrols that allow a user to move forward along the timeline and/orbackward along the timeline.
 9. The computing device of claim 1, whereinthe timeline includes one or more user controls that allow a user toenter a time range for the timeline.
 10. The computing device of claim1, wherein the incident dossier includes two or more incident indicatorseach temporally aligned along the timeline.
 11. The computing device ofclaim 10, wherein at least one of the two or more incident indicators indisplayed larger than at least one other incident indicator indicating ahigher severity level.
 12. The computing device of claim 10, wherein thetimeline includes a synchronous playback control.
 13. A computerimplemented method for generating an incident dossier of one or moreincidents occurring in a building, comprising: importing, by a computingdevice, data associated with one or more incidents; generating, by thecomputing device, an incident dossier based on the data associated withthe one or more incidents, wherein the incident dossier includes: atimeline; one or more incident indicators each corresponding to acorresponding one of the one or more incidents, wherein at least one ofthe incident indicators: is temporally aligned along the timeline; isselectable to display additional data associated with the correspondingincident, wherein the additional data includes data related to one ormore events that are associated with the corresponding incident; anddisplaying, by the computing device, the incident dossier, wherein inresponse to a selection of a corresponding incident indicator of theincident dossier, displaying at least some of the additional dataassociated with the corresponding incident.
 14. The computer implementedmethod of claim 13, wherein at least some of the data associated withone or more of the incidents is provided by a building management systemof the building.
 15. The computer implemented method of claim 13,wherein at least one of the one or more incident indicators isassociated with two or more events.
 16. The computer implemented methodof claim 15, wherein at least one of the two or more events correspondsto an alarm issued by a building management system.
 17. The computerimplemented method of claim 15, wherein when an incident indicator thatis associated with two or more events is selected by a user, each of thetwo or more events are revealed and concurrently displayed to the user.18. A method for generating an incident dossier of one or more incidentsoccurring in a building, the method comprising: displaying a timeline;displaying one or more incident indicators each temporally aligned alongthe timeline; in response to a selection by a user of one of the one ormore incident indicators, displaying additional information regardingone or more events that are associated with the selected one of the oneor more incident indicators.
 19. The method of claim 18, wherein inresponse to a selection by a user of an incident indicator that isassociated with two or more events, revealing each of the two or moreevents to the user.
 20. The method of claim 19, further comprising: inresponse to a selection by a user of one of the one or more revealedevents, displaying additional information regarding the selected event.